From 0d39a81fe4754fc2624873459f7d1aab0b33dcdd Mon Sep 17 00:00:00 2001 From: spirit Date: Wed, 4 Dec 2019 20:35:35 +0800 Subject: [PATCH 1/5] encrypt QQ avatar link --- functions.php | 45 +++++++++++++++++----- inc/api.php | 88 ++++++++++++++++++++++++++++++++------------ manifest/manifest.py | 86 ++++++++++++++++++++++++++++++------------- options.php | 7 ++++ 4 files changed, 168 insertions(+), 58 deletions(-) diff --git a/functions.php b/functions.php index 19844fd..1810e82 100644 --- a/functions.php +++ b/functions.php @@ -1616,11 +1616,17 @@ function output_comments_qq_columns( $column_name, $comment_id ){ */ add_filter( 'get_avatar', 'change_avatar', 10, 3 ); function change_avatar($avatar){ - global $comment; + global $comment,$sakura_pubkey; if ($comment) { if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){ $qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true ); - return '😀'; + if(akina_option('qq_avatar_link')){ + openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey)); + $qq_number = urlencode(base64_encode($encrypted)); + return '😀'; + }else{ + return '😀'; + } }else{ return $avatar ; } 
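Review bot: In the new `qq_avatar_link` branch of `change_avatar`, the return value of `openssl_public_encrypt()` is ignored, so when `$sakura_pubkey` is empty or not a valid PEM key the call fails, `$encrypted` stays unset, and the function still returns its replacement avatar string (the markup itself is not visible on this page) built from an empty token. Check the result and fall back to the original avatar, e.g. `if (!openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey))) { return $avatar; }`. The global is only populated by `create_sakura_table()` in the next hunk, so this path silently depends on that hook having run first.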
@@ -1728,20 +1734,39 @@ function create_sakura_table(){ PRIMARY KEY (`mate_key`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;"); //default data - $manifest = array( - "mate_key" => "manifest_json", - "mate_value" => file_get_contents(get_template_directory()."/manifest/manifest.json") - ); - $time = array( - "mate_key" => "json_time", - "mate_value" => date("Y-m-d H:i:s",time()) - ); if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'manifest_json'") ){ + $manifest = array( + "mate_key" => "manifest_json", + "mate_value" => file_get_contents(get_template_directory()."/manifest/manifest.json") + ); $wpdb->insert($sakura_table_name,$manifest); } if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'json_time'") ){ + $time = array( + "mate_key" => "json_time", + "mate_value" => date("Y-m-d H:i:s",time()) + ); $wpdb->insert($sakura_table_name,$time); } + if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){ + $privkey = array( + "mate_key" => "privkey", + "mate_value" => file_get_contents(get_template_directory()."/manifest/private.key") + ); + $wpdb->insert($sakura_table_name,$privkey); + } + if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){ + $pubkey = array( + "mate_key" => "pubkey", + "mate_value" => file_get_contents(get_template_directory()."/manifest/public.key") + ); + $wpdb->insert($sakura_table_name,$pubkey); + } + //reduce sql query + global $sakura_image_array,$sakura_privkey,$sakura_pubkey; + $sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"); + $sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'"); + $sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'"); } add_action( 'after_setup_theme', 'create_sakura_table' ); 
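Review bot: The `privkey` row in `create_sakura_table` is seeded from `manifest/private.key` inside the theme directory, so the private key is a static file distributed with the theme rather than a per-site secret; PATCH 2/5 of this series commits exactly that file, which means every site seeded from it would share one published key, and a file under the theme directory is typically reachable over HTTP as well. Generate the key on the server at first run and keep it out of the web root. Separately, the three new `SELECT` statements hard-code `wp_sakura` while the inserts use `$sakura_table_name` (built from `$wpdb->base_prefix`), so the globals stay empty on installs with a different table prefix; use `$sakura_table_name` there too, and check `file_get_contents()` for `false` before inserting.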
diff --git a/inc/api.php b/inc/api.php index 1450261..20db90c 100644 --- a/inc/api.php +++ b/inc/api.php @@ -20,18 +20,23 @@ add_action('rest_api_init', function () { 'methods' => 'GET', 'callback' => 'feature_gallery', )); - register_rest_route('sakura/v1', '/image/manifest', array( + register_rest_route('sakura/v1', '/database/update', array( 'methods' => 'POST', - 'callback' => 'update_manifest_json', + 'callback' => 'update_database', )); register_rest_route('sakura/v1', '/qqinfo/json', array( 'methods' => 'GET', 'callback' => 'get_qq_info', )); + register_rest_route('sakura/v1', '/qqinfo/avatar', array( + 'methods' => 'GET', + 'callback' => 'get_qq_avatar', + )); }); /** * QQ info + * https://sakura.2heng.xin/wp-json/sakura/v1/qqinfo/json */ function get_qq_info(WP_REST_Request $request) { @@ -337,8 +342,8 @@ EOS; * @rest api接口路径:https://sakura.2heng.xin/wp-json/sakura/v1/image/cover */ function cover_gallery() { - global $wpdb; - $img_array = json_decode($wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"), true); + global $wpdb,$sakura_image_array; + $img_array = json_decode($sakura_image_array, true); $img = array_rand($img_array); $img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri(); if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) { @@ -358,8 +363,8 @@ function cover_gallery() { * @rest api接口路径:https://sakura.2heng.xin/wp-json/sakura/v1/image/feature */ function feature_gallery() { - global $wpdb; - $img_array = json_decode($wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"), true); + global $wpdb,$sakura_image_array; + $img_array = json_decode($sakura_image_array, true); $img = array_rand($img_array); $img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri(); if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) { 
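Review bot: Neither new route passes a `permission_callback` or an `args` schema to `register_rest_route()`: `/database/update` relies entirely on the Basic-auth check inside `update_database`, and `/qqinfo/avatar` accepts any or no `qq` value. Moving the administrator check into `'permission_callback'` keeps unauthenticated requests from reaching the callback at all, and `'args' => array('qq' => array('required' => true))` lets the REST server reject requests that lack the parameter before `get_qq_avatar` runs. The closure passed to `add_action` starts outside this hunk.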
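Review bot: `cover_gallery` now decodes `$sakura_image_array` without checking it, and `feature_gallery` in the following hunk does the same; if the global was never populated (for example the `manifest_json` row is missing, or the query in `create_sakura_table` hit the wrong table name) `json_decode()` yields `null` and `array_rand()` fails on a non-array. Guard the result, e.g. `if (!is_array($img_array) || !$img_array) { return new WP_Error('no_manifest', 'manifest not loaded', array('status' => 500)); }`. `global $wpdb` is no longer used in either function and can be dropped from the `global` line. Both function bodies continue outside the hunks.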
@@ -375,10 +380,10 @@ function feature_gallery() { } /* - * update manifest.json rest api - * @rest api接口路径:https://sakura.2heng.xin/wp-json/sakura/v1/image/json + * update database rest api + * @rest api接口路径:https://sakura.2heng.xin/wp-json/sakura/v1/database/update */ -function update_manifest_json() { +function update_database() { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $user = wp_authenticate($username, $password); 
@@ -386,24 +391,45 @@ function update_manifest_json() { if (in_array('administrator', (array) $user->roles)) { global $wpdb; $sakura_table_name = $wpdb->base_prefix.'sakura'; - $manifest = array( - "key" => "manifest_json", - "value" => file_get_contents($_FILES["manifest"]["tmp_name"]) - ); - $time = array( - "key" => "json_time", - "value" => date("Y-m-d H:i:s",time()) - ); - - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='manifest_json'"); - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='json_time'"); - $wpdb->insert($sakura_table_name,$manifest); - $wpdb->insert($sakura_table_name,$time); + if(isset($_FILES["manifest"])) { + $manifest = array( + "key" => "manifest_json", + "value" => file_get_contents($_FILES["manifest"]["tmp_name"]) + ); + $time = array( + "key" => "json_time", + "value" => date("Y-m-d H:i:s",time()) + ); + $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='manifest_json'"); + $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='json_time'"); + $wpdb->insert($sakura_table_name,$manifest); + $wpdb->insert($sakura_table_name,$time); + $message = "manifest.json has been stored into database."; + } + if(isset($_FILES["rsa"])){ + if($_FILES["rsa"]["name"]=="public.key"){ + $pubkey = array( + "mate_key" => "pubkey", + "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) + ); + $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'"); + $wpdb->insert($sakura_table_name,$pubkey); + } + if($_FILES["rsa"]["name"]=="private.key"){ + $privkey = array( + "mate_key" => "privkey", + "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) + ); + $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'"); + $wpdb->insert($sakura_table_name,$privkey); + } + $message = "key pairs has been stored into database."; + } $output = array( 'status' => 200, 'success' => true, - 'message' => 'manifest.json has been stored into database' + 'message' => $message ); $result = new WP_REST_Response($output, 
200); $result->set_headers(array('Content-Type' => 'application/json')); @@ -420,3 +446,19 @@ function update_manifest_json() { return $result; } } + +/** + * QQ头像链接解密 + */ +function get_qq_avatar(){ + global $sakura_privkey; + $qq_number=$_GET["qq"]; + $encrypted = urldecode(base64_decode($qq_number)); + openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey)); + preg_match('/^\d{3,}$/', $qq_number, $matches); + $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; + $response = new WP_REST_Response(); + $response->set_status(302); + $response->header('Location', $imgurl); + return $response; +} diff --git a/manifest/manifest.py b/manifest/manifest.py index 4504583..941b3fd 100644 --- a/manifest/manifest.py +++ b/manifest/manifest.py @@ -10,6 +10,7 @@ import json import requests import base64 import hashlib +from Crypto.PublicKey import RSA from PIL import Image class Single(object): 
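Review bot: The `rsa` branch of `update_database` picks which stored key to overwrite from the client-supplied `$_FILES["rsa"]["name"]` and deletes the existing row before the upload has been validated, so an unreadable or malformed file leaves the site with a missing or unusable key. Read the upload first, confirm it parses with `openssl_pkey_get_private()` / `openssl_pkey_get_public()`, and only then replace the row. `$message` is also undefined when the request carries neither `manifest` nor `rsa`, yet the response still reports `'success' => true`. The manifest branch inserts columns `key`/`value` while the key branch and the table definition use `mate_key`/`mate_value`, so after the `DELETE` the manifest insert most likely fails. The function starts and ends outside this hunk.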
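Review bot: `get_qq_avatar` uses `$matches[0]` without checking the result of `preg_match()`, so a missing, malformed or undecryptable `qq` parameter still produces a redirect to the avatar host with an empty `dst_uin`; the later revisions of this function in PATCH 3/5 to 5/5 keep the same pattern. Return an error when validation fails, e.g. `if (!preg_match('/^\d{3,}$/', (string) $qq_number, $matches)) { return new WP_Error('invalid_qq', 'invalid qq token', array('status' => 400)); }`. The decode order is also not the inverse of the encoder in `change_avatar` (`urlencode(base64_encode(...))`): `urldecode()` is applied to the raw bytes after `base64_decode()`, which can alter ciphertext bytes that happen to look like `+` or `%xx`. `base64_decode($_GET['qq'], true)` alone should be enough, because PHP already URL-decodes query parameters.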
@@ -43,47 +44,82 @@ class Single(object): 'webp': [self.webp, self.webp_th] } - #这个最好新建一个类 - def upload_manifest(self): - username = input('Enter your username: ') - password = input('Enter your password: ') - url = input('Enter your rest api url: ') - data_string = username + ':' + password + def main(self): + self.hash() + # if os.path.exists(self.jpeg) and os.path.exists(self.webp): + self.optimize() + self.manifest() + return self.mani + + +class Upload2Wordpress: + def __init__(self, username, password, url): + self.username = username + self.password = password + self.url = url + + def upload(self, file, field): + data_string = self.username + ':' + self.password token = base64.b64encode(data_string.encode()).decode('utf-8') headers = { 'Authorization': 'Basic ' + token, "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97" } - files = {'manifest': open('manifest.json', mode="rb")} - reply = requests.post(url, headers=headers, files=files) + files = {field: open(file, mode="rb")} + reply = requests.post(self.url, headers=headers, files=files) print(json.loads(reply.content)['message']) - def main(self): - self.hash() - # if os.path.exists(self.jpeg) and os.path.exists(self.webp): - self.optimize() - self.thumbnail() - self.manifest() - return self.mani + def upload_manifest(self): + print('start uploading `manifest.json`...') + self.upload('manifest.json', 'manifest') -def main(): + def upload_key(self): + print('start uploading `private.key`...') + self.upload('private.key', 'rsa') + print('start uploading `public.key`...') + self.upload('public.key', 'rsa') + + def main(self): + self.upload_manifest() + self.upload_key() + + +def gen_manifest_json(): onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))] id = 1 Manifest = {} - for f in onlyfiles: - worker = Single(f, Manifest) - Manifest = worker.main() - print(str(id) + '/' + str(len(onlyfiles))) - id += 1 
- + worker = Single(f, Manifest) + Manifest = worker.main() + print(str(id) + '/' + str(len(onlyfiles))) + id += 1 with open('manifest.json', 'w+') as json_file: json.dump(Manifest, json_file) - up_json = Single(f, Manifest) - up_json.upload_manifest() + +def gen_key_pairs(): + key = RSA.generate(1024) + pv_key_string = key.exportKey() + with open("private.key", "w+") as prv_file: + print("{}".format(pv_key_string.decode()), file=prv_file) + pb_key_string = key.publickey().exportKey() + with open("public.key", "w+") as pub_file: + print("{}".format(pb_key_string.decode()), file=pub_file) + + +def main(): + gen_manifest_json() + if not os.path.exists("public.key") or not os.path.exists("private.key"): + print("start generating key pairs...") + gen_key_pairs() + username = input('Enter your username: ') + password = input('Enter your password: ') + url = input('Enter your rest api url: ') + upload = Upload2Wordpress(username, password, url) + upload.main() + if __name__ == '__main__': main() - key = input('`manifest.json` saved. Press any key to quit.') + key = input('`manifest.json` saved. Press any key to quit.') quit() diff --git a/options.php b/options.php index a9171a7..e659e49 100644 --- a/options.php +++ b/options.php @@ -1135,6 +1135,13 @@ function optionsframework_options() { 'std' => '0', 'type' => 'checkbox'); + $options[] = array( + 'name' => __('QQ avatar link encryption', 'sakura'),/*QQ头像链接加密*/ + 'desc' => __('Check to enable, do not display the user\'s qq avatar links directly.', 'sakura'),/*勾选开启,不直接暴露用户qq头像链接*/ + 'id' => 'qq_avatar_link', + 'std' => '0', + 'type' => 'checkbox'); + $options[] = array( 'name' => __('Comment UA infomation', 'sakura'),/*评论UA信息*/ 'desc' => __('Check to enable, display the user\'s browser, operating system information', 'sakura'),/*勾选开启,显示用户的浏览器,操作系统信息*/ From f2a96c3f71ebddab4df2ef141b30cac92cc168b5 Mon Sep 17 00:00:00 2001 
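Review bot: `gen_key_pairs` creates the key with `RSA.generate(1024)`, which is below the 2048-bit minimum generally recommended for RSA, and writes `private.key` with default file permissions before `upload_key` sends it to whatever URL the user typed. Use at least `RSA.generate(2048)`, and refuse a URL that does not start with `https://` before sending the Basic credentials and the private key. `password = input('Enter your password: ')` echoes the password to the terminal; `getpass.getpass('Enter your password: ')` avoids that. In `upload`, the handle from `open(file, mode="rb")` is never closed; wrapping the request in `with open(file, 'rb') as fh:` fixes it.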
From: spirit Date: Wed, 4 Dec 2019 20:45:16 +0800 Subject: [PATCH 2/5] add key pairs --- manifest/private.key | 15 +++++++++++++++ manifest/public.key | 6 ++++++ 2 files changed, 21 insertions(+) create mode 100644 manifest/private.key create mode 100644 manifest/public.key diff --git a/manifest/private.key b/manifest/private.key new file mode 100644 index 0000000..32d26d4 --- /dev/null +++ b/manifest/private.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDC2aXWaqi3rnlmHm97aEPtgvfW6brUztfev88GxdizNLCItEfy +qrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9WPIzKIrx3AeSyzGAuammcZ/m9 +5fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qyIIbZH2o3t0ZXuJ+fEQIDAQAB +AoGAI3ucEhhZQh3ROLH5Ljl2CUYM2QO2RLOoJwW57ytPQ48oSLS/12aTf7/HqFA2 +0hkL8wfR0Hm/1LDXG73zwgH7JW9ByYGNFbnjEIAcY6DZc0zFuV++yUqNiYVggkVa +ae0e0Z0aoLC1S5494Oa5XEYb9kCCezb6n5GMyqlmlcPr5ksCQQDC9BYYuTilSOVC +AnwOXaIE88Yr006WXQFYBeEeNB17eDSpNKsc/1z+K+NOZacCRP5rTViIsiNWcodM +3EWhPljfAkEA/91IXqF8gxutvRN1eAa6YZlFEeZtDSPDtB7bmds4NEqgCMwxKQaG +VLAmbVsJpevXRiu10ewOz688XWN+GBLWDwJBAJal7YlPX/GBYf9fUiP7wN6YzdNB +52GUHxy49lvTo9Csc+0pEO1Ie8DBg1YqgSLk08FxNG/1UA9WUy1WrcvLFPsCQQCW +agDEWMy4yom9cHYLJHFnNNJM7phHNDI1bjqM3TnSS9h+s4Nm6cYIfTFp8i3e06FP +SBzwFoSyhQLIp9eV0WTzAkEAo8ByUQGurZnv7PeLoEt2P2pBPYYEU6iA1qUNq7oY +cnVtlsQiDWiecc+aqhX3LQ3VVNdDvg0BSywB0nixDeD0CQ== +-----END RSA PRIVATE KEY----- diff --git a/manifest/public.key b/manifest/public.key new file mode 100644 index 0000000..f94d13f --- /dev/null +++ b/manifest/public.key @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2aXWaqi3rnlmHm97aEPtgvfW +6brUztfev88GxdizNLCItEfyqrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9W +PIzKIrx3AeSyzGAuammcZ/m95fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qy +IIbZH2o3t0ZXuJ+fEQIDAQAB +-----END PUBLIC KEY----- From d7e5af113f430062d17caf6b0c81a6702c1c2bae Mon Sep 17 00:00:00 2001 
From: spirit Date: Thu, 5 Dec 2019 18:12:31 +0800 Subject: [PATCH 3/5] add choices --- functions.php | 10 +++++++--- inc/api.php | 16 ++++++++++++---- manifest/README.md | 2 ++ options.php | 12 +++++++++--- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/functions.php b/functions.php index 1810e82..f832fe6 100644 --- a/functions.php +++ b/functions.php @@ -1620,12 +1620,16 @@ function change_avatar($avatar){ if ($comment) { if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){ $qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true ); - if(akina_option('qq_avatar_link')){ + if(akina_option('qq_avatar_link')=='off'){ + return '😀'; + }elseif(akina_option('qq_avatar_link')=='type_3'){ + $qqavatar = file_get_contents('http://ptlogin2.qq.com/getface?appid=1006102&imgtype=3&uin='.$qq_number); + preg_match('/:\"([^\"]*)\"/i',$qqavatar,$matches); + return '😀'; + }else{ openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey)); $qq_number = urlencode(base64_encode($encrypted)); return '😀'; - }else{ - return '😀'; } }else{ return $avatar ; diff --git a/inc/api.php b/inc/api.php index 20db90c..ef77961 100644 --- a/inc/api.php +++ b/inc/api.php @@ -449,6 +449,7 @@ function update_database() { /** * QQ头像链接解密 + * https://sakura.2heng.xin/wp-json/sakura/v1/qqinfo/avatar */ function get_qq_avatar(){ global $sakura_privkey; 
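Review bot: The new `type_3` branch in `change_avatar` issues a blocking `file_get_contents()` request over plain `http://` for every rendered comment avatar and concatenates `$qq_number` from comment meta into the URL without validating it. Validate first (`if (!ctype_digit((string) $qq_number)) { return $avatar; }`), fetch with `wp_remote_get()` and a short `timeout` over HTTPS if the endpoint supports it, and cache the looked-up value (for example with `set_transient()`) so page rendering does not depend on the remote host. The result of `preg_match()` is not checked before `$matches` is used; the returned markup is not visible on this page, so how it is used cannot be confirmed here. The function starts outside this hunk.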
@@ -457,8 +458,15 @@ function get_qq_avatar(){ openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey)); preg_match('/^\d{3,}$/', $qq_number, $matches); $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; - $response = new WP_REST_Response(); - $response->set_status(302); - $response->header('Location', $imgurl); - return $response; + if(akina_option('qq_avatar_link')=='off'){ + $imgdata = file_get_contents($imgurl); + header("Content-type: image/jpeg"); + echo $imgdata; + }else{ + $response = new WP_REST_Response(); + $response->set_status(302); + $response->header('Location', $imgurl); + return $response; + } + } diff --git a/manifest/README.md b/manifest/README.md index c34eb2b..2209345 100644 --- a/manifest/README.md +++ b/manifest/README.md @@ -24,6 +24,8 @@ pip3 install Pillow pip install Pillow --user ``` +用同样的方法安装`requests`、`pycryptodome` + ### 运行 把图片文件放到 `gallary` 目录,Windows 可直接双击 manifest.py,或者和其他操作系统一样,在 Terminal、Powershell、CMD 中运行: diff --git a/options.php b/options.php index e659e49..4d1f00a 100644 --- a/options.php +++ b/options.php 
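Review bot: The backend-fetch branch of `get_qq_avatar` is selected by `akina_option('qq_avatar_link')=='off'`, but `change_avatar` in this same patch returns the direct avatar for `'off'` and never links to this endpoint in that mode, while the labels added in `options.php` describe `type_2` as the backend-fetch mode; the condition should probably be `=='type_2'`. The branch also `echo`es the image from inside a REST callback and then falls through without a return value, so the REST server presumably still emits its own response body after the image bytes; end the request after the `echo` (e.g. `exit;`). `file_get_contents($imgurl)` can return `false`, which is not checked before the `image/jpeg` header is sent; the later revisions in PATCH 4/5 and 5/5 keep both of these.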
@@ -1137,10 +1137,16 @@ function optionsframework_options() { $options[] = array( 'name' => __('QQ avatar link encryption', 'sakura'),/*QQ头像链接加密*/ - 'desc' => __('Check to enable, do not display the user\'s qq avatar links directly.', 'sakura'),/*勾选开启,不直接暴露用户qq头像链接*/ + 'desc' => __('Do not display the user\'s qq avatar links directly.', 'sakura'),/*不直接暴露用户qq头像链接*/ 'id' => 'qq_avatar_link', - 'std' => '0', - 'type' => 'checkbox'); + 'std' => "off", + 'type' => "radio", + 'options' => array( + 'off' => __('Off (default)', 'sakura'),/*关闭(默认)*/ + 'type_1' => __('use redirect (general security)', 'sakura'),/*使用 重定向(安全性一般)'*/ + 'type_2' => __('fetch data at backend (high security)', 'sakura'),/*后端获取数据(安全性高)*/ + 'type_3' => __('fetch data at backend (high security,slow)', 'sakura'),/*后端获取数据(安全性高, 慢)*/ + )); $options[] = array( 'name' => __('Comment UA infomation', 'sakura'),/*评论UA信息*/ From e8e5630907b4831c8c7b4ead5043e284b6587992 Mon Sep 17 00:00:00 2001 From: spirit Date: Thu, 5 Dec 2019 23:07:28 +0800 Subject: [PATCH 4/5] change encrypt method --- functions.php | 21 +++++------------- inc/api.php | 52 +++++++++++++++----------------------------- manifest/README.md | 2 +- manifest/manifest.py | 28 ++---------------------- manifest/private.key | 15 ------------- manifest/public.key | 6 ----- 6 files changed, 26 insertions(+), 98 deletions(-) delete mode 100644 manifest/private.key delete mode 100644 manifest/public.key diff --git a/functions.php b/functions.php index f832fe6..879009c 100644 --- a/functions.php +++ b/functions.php @@ -1616,7 +1616,7 @@ function output_comments_qq_columns( $column_name, $comment_id ){ */ add_filter( 'get_avatar', 'change_avatar', 10, 3 ); function change_avatar($avatar){ - global $comment,$sakura_pubkey; + global $comment,$sakura_privkey; if ($comment) { if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){ $qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true ); 
@@ -1627,9 +1627,9 @@ function change_avatar($avatar){ preg_match('/:\"([^\"]*)\"/i',$qqavatar,$matches); return '😀'; }else{ - openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey)); - $qq_number = urlencode(base64_encode($encrypted)); - return '😀'; + $encrypted = openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0); + $encrypted = urlencode(base64_encode($encrypted)); + return '😀'; } }else{ return $avatar ; @@ -1729,7 +1729,7 @@ add_action('pre_comment_on_post', 'allow_more_tag_in_comment'); * 随机图 */ function create_sakura_table(){ - global $wpdb; + global $wpdb,$sakura_image_array,$sakura_privkey; $sakura_table_name = $wpdb->base_prefix.'sakura'; require_once(ABSPATH . "wp-admin/includes/upgrade.php"); dbDelta("CREATE TABLE IF NOT EXISTS `" . $sakura_table_name . "` ( @@ -1755,22 +1755,13 @@ function create_sakura_table(){ if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){ $privkey = array( "mate_key" => "privkey", - "mate_value" => file_get_contents(get_template_directory()."/manifest/private.key") + "mate_value" => wp_generate_password(8) ); $wpdb->insert($sakura_table_name,$privkey); } - if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){ - $pubkey = array( - "mate_key" => "pubkey", - "mate_value" => file_get_contents(get_template_directory()."/manifest/public.key") - ); - $wpdb->insert($sakura_table_name,$pubkey); - } //reduce sql query - global $sakura_image_array,$sakura_privkey,$sakura_pubkey; $sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"); $sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'"); - $sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'"); } add_action( 'after_setup_theme', 'create_sakura_table' ); diff --git a/inc/api.php b/inc/api.php index ef77961..b651fc5 100644 
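Review bot: The new `openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0)` call passes no IV, so PHP falls back to an all-zero IV and emits a warning, and the key is whatever the `privkey` row holds, which for new installs is the 8-character `wp_generate_password(8)` value added in the `create_sakura_table` hunk below, well short of 128 bits of key material. Store a random key instead, e.g. `"mate_value" => bin2hex(random_bytes(16))`, pass `hex2bin($sakura_privkey)` as the key together with an explicit IV (or use an authenticated mode such as `aes-128-gcm`), and change `get_qq_avatar` in step. Because the row is only inserted when no `privkey` exists, sites that already ran PATCH 1/5 keep the PEM text of the shipped `private.key` as their AES key, so a migration that replaces the old row is needed. `openssl_encrypt()` with options `0` already returns base64, so the extra `base64_encode()` only lengthens the token.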
--- a/inc/api.php +++ b/inc/api.php @@ -407,25 +407,6 @@ function update_database() { $wpdb->insert($sakura_table_name,$time); $message = "manifest.json has been stored into database."; } - if(isset($_FILES["rsa"])){ - if($_FILES["rsa"]["name"]=="public.key"){ - $pubkey = array( - "mate_key" => "pubkey", - "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) - ); - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'"); - $wpdb->insert($sakura_table_name,$pubkey); - } - if($_FILES["rsa"]["name"]=="private.key"){ - $privkey = array( - "mate_key" => "privkey", - "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) - ); - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'"); - $wpdb->insert($sakura_table_name,$privkey); - } - $message = "key pairs has been stored into database."; - } $output = array( 'status' => 200, 'success' => true, 
@@ -453,20 +434,21 @@ function update_database() { */ function get_qq_avatar(){ global $sakura_privkey; - $qq_number=$_GET["qq"]; - $encrypted = urldecode(base64_decode($qq_number)); - openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey)); - preg_match('/^\d{3,}$/', $qq_number, $matches); - $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; - if(akina_option('qq_avatar_link')=='off'){ - $imgdata = file_get_contents($imgurl); - header("Content-type: image/jpeg"); - echo $imgdata; - }else{ - $response = new WP_REST_Response(); - $response->set_status(302); - $response->header('Location', $imgurl); - return $response; - } - + $encrypted=$_GET["qq"]; + if(isset($encrypted)){ + $encrypted = urldecode(base64_decode($encrypted)); + $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0); + preg_match('/^\d{3,}$/', $qq_number, $matches); + $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; + if(akina_option('qq_avatar_link')=='type_1'){ + $imgdata = file_get_contents($imgurl); + header("Content-type: image/jpeg"); + echo $imgdata; + }else{ + $response = new WP_REST_Response(); + $response->set_status(302); + $response->header('Location', $imgurl); + return $response; + } + } } diff --git a/manifest/README.md b/manifest/README.md index 2209345..10c0fab 100644 --- a/manifest/README.md +++ b/manifest/README.md @@ -24,7 +24,7 @@ pip3 install Pillow pip install Pillow --user ``` -用同样的方法安装`requests`、`pycryptodome` +用同样的方法安装`requests` ### 运行 把图片文件放到 `gallary` 目录,Windows 可直接双击 manifest.py,或者和其他操作系统一样,在 Terminal、Powershell、CMD 中运行: diff --git a/manifest/manifest.py b/manifest/manifest.py index 941b3fd..9828390 100644 --- a/manifest/manifest.py +++ b/manifest/manifest.py @@ -10,7 +10,6 @@ import json import requests import base64 import hashlib -from Crypto.PublicKey import RSA from PIL import Image class Single(object): 
@@ -52,7 +51,7 @@ class Single(object): return self.mani -class Upload2Wordpress: +class Upload2Wordpress(object): def __init__(self, username, password, url): self.username = username self.password = password @@ -69,20 +68,10 @@ class Upload2Wordpress: reply = requests.post(self.url, headers=headers, files=files) print(json.loads(reply.content)['message']) - def upload_manifest(self): + def main(self): print('start uploading `manifest.json`...') self.upload('manifest.json', 'manifest') - def upload_key(self): - print('start uploading `private.key`...') - self.upload('private.key', 'rsa') - print('start uploading `public.key`...') - self.upload('public.key', 'rsa') - - def main(self): - self.upload_manifest() - self.upload_key() - def gen_manifest_json(): onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))] @@ -97,21 +86,8 @@ def gen_manifest_json(): json.dump(Manifest, json_file) -def gen_key_pairs(): - key = RSA.generate(1024) - pv_key_string = key.exportKey() - with open("private.key", "w+") as prv_file: - print("{}".format(pv_key_string.decode()), file=prv_file) - pb_key_string = key.publickey().exportKey() - with open("public.key", "w+") as pub_file: - print("{}".format(pb_key_string.decode()), file=pub_file) - - def main(): gen_manifest_json() - if not os.path.exists("public.key") or not os.path.exists("private.key"): - print("start generating key pairs...") - gen_key_pairs() username = input('Enter your username: ') password = input('Enter your password: ') url = input('Enter your rest api url: ') diff --git a/manifest/private.key b/manifest/private.key deleted file mode 100644 index 32d26d4..0000000 --- a/manifest/private.key +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDC2aXWaqi3rnlmHm97aEPtgvfW6brUztfev88GxdizNLCItEfy -qrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9WPIzKIrx3AeSyzGAuammcZ/m9 -5fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qyIIbZH2o3t0ZXuJ+fEQIDAQAB -AoGAI3ucEhhZQh3ROLH5Ljl2CUYM2QO2RLOoJwW57ytPQ48oSLS/12aTf7/HqFA2 -0hkL8wfR0Hm/1LDXG73zwgH7JW9ByYGNFbnjEIAcY6DZc0zFuV++yUqNiYVggkVa -ae0e0Z0aoLC1S5494Oa5XEYb9kCCezb6n5GMyqlmlcPr5ksCQQDC9BYYuTilSOVC -AnwOXaIE88Yr006WXQFYBeEeNB17eDSpNKsc/1z+K+NOZacCRP5rTViIsiNWcodM -3EWhPljfAkEA/91IXqF8gxutvRN1eAa6YZlFEeZtDSPDtB7bmds4NEqgCMwxKQaG -VLAmbVsJpevXRiu10ewOz688XWN+GBLWDwJBAJal7YlPX/GBYf9fUiP7wN6YzdNB -52GUHxy49lvTo9Csc+0pEO1Ie8DBg1YqgSLk08FxNG/1UA9WUy1WrcvLFPsCQQCW -agDEWMy4yom9cHYLJHFnNNJM7phHNDI1bjqM3TnSS9h+s4Nm6cYIfTFp8i3e06FP -SBzwFoSyhQLIp9eV0WTzAkEAo8ByUQGurZnv7PeLoEt2P2pBPYYEU6iA1qUNq7oY -cnVtlsQiDWiecc+aqhX3LQ3VVNdDvg0BSywB0nixDeD0CQ== ------END RSA PRIVATE KEY----- diff --git a/manifest/public.key b/manifest/public.key deleted file mode 100644 index f94d13f..0000000 --- a/manifest/public.key +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2aXWaqi3rnlmHm97aEPtgvfW -6brUztfev88GxdizNLCItEfyqrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9W -PIzKIrx3AeSyzGAuammcZ/m95fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qy -IIbZH2o3t0ZXuJ+fEQIDAQAB ------END PUBLIC KEY----- From 14055ede78a138e6d99dbdb77a0b18fc113d37fb Mon Sep 17 00:00:00 2001 From: spirit Date: Thu, 5 Dec 2019 23:31:33 +0800 Subject: [PATCH 5/5] update --- inc/api.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/inc/api.php b/inc/api.php index b651fc5..970551e 100644 --- a/inc/api.php +++ b/inc/api.php 
@@ -440,13 +440,14 @@ function get_qq_avatar(){ $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0); preg_match('/^\d{3,}$/', $qq_number, $matches); $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; - if(akina_option('qq_avatar_link')=='type_1'){ + if(akina_option('qq_avatar_link')=='type_2'){ $imgdata = file_get_contents($imgurl); header("Content-type: image/jpeg"); + header("Cache-Control: max-age=86400"); echo $imgdata; }else{ $response = new WP_REST_Response(); - $response->set_status(302); + $response->set_status(301); $response->header('Location', $imgurl); return $response; }
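Review bot: Switching the redirect to `301` and adding `Cache-Control: max-age=86400` makes both outcomes cacheable, but neither path checks for failure first: when `file_get_contents($imgurl)` returns `false` an empty body is sent as `image/jpeg` and may be cached for a day, and a permanent redirect built from an unvalidated `$matches[0]` can stay in browser caches after the key or the option changes. Send the caching header only after a successful fetch, e.g. `if ($imgdata === false) { return new WP_Error('avatar_fetch_failed', 'upstream fetch failed', array('status' => 502)); }`, and consider keeping `302` for the redirect unless the target is meant to be permanent. The `if(isset($encrypted))` wrapper and the end of the function lie outside this hunk.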